Tag Archive for: stories

Cyber Security News Weekly Round-Up (Vulnerabilities, Threats & New Stories)


The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.

A well-developed knowledge base is necessary for securing networks from the newest targets and vulnerabilities in the face of the changing risk landscape.

Staying up to date with the latest trends, reports, and news is essential.

Cyber Attacks

CoralRaider Hackers Steal Data

XClient stealer and RotBot are two attack tools that Vietnamese threat actor CoralRaider uses to steal financial data, login credentials, and social media information from victims in Asian and Southeast Asian countries.

The group has been active since 2023 and uses complex approaches, including hard-coding Vietnamese words into its payloads.

The most recent campaign by this threat group involves using Windows shortcut files to distribute malware targeting South Korean, Bangladeshi, and Chinese nationals. This is a significant threat to individuals and businesses in the region.

Chinese Hackers Using AI Tools To Influence Upcoming Elections

The report concerns how Chinese hackers could use AI to influence the elections. While no instances are specifically mentioned in the report, it cautions against this cyber risk. 

AI can also be used to generate deepfake videos, control social media sites, and carry out highly developed cyber offences, which makes it a very powerful tool for influencing elections.

Moreover, the report stresses the need to strengthen cybersecurity defenses against such threats, including improvements in detection and response capabilities.

It also highlights the need to remain alert and proactive toward changing cyber risks, especially around elections and politics at large.

Threat Actors Deliver Malware Via YouTube Video

The report highlights a recent malware campaign in which hackers disseminate the information-stealing malware Vidar, StealC, and Lumma Stealer via YouTube videos.

These videos that pretend to be guides for getting free software or game upgrades have links to cracked video games and pirated…


Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)


Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.

From sophisticated malware attacks to innovative phishing schemes, we cover the crucial updates you need to stay informed and protected.

Threats

Notepad++ Plugin Compromised by Hackers

Hackers have targeted a widely used Notepad++ plugin, “mimeTools.dll,” injecting malicious code that compromises users’ systems upon execution. The attack, discovered by the AhnLab Security Intelligence Center, leverages DLL hijacking to execute encrypted malicious shellcode, posing a significant threat to programmers and writers who rely on Notepad++ for its versatility and plugin support.

Weaponized PDF Files Deliver Byakugan Malware

Cybersecurity researchers at Fortinet have uncovered a new attack vector involving weaponized PDF files used to deliver the multi-functional Byakugan malware. By exploiting the trust and popularity of PDFs, hackers have been able to infiltrate systems through malicious code embedded in seemingly innocuous documents, highlighting the need for heightened awareness and protection against such files.

Fake E-Shopping Attack Targets Banking Credentials

A sophisticated fake e-shop scam campaign has been targeting users in Southeast Asia, hijacking banking credentials through phishing emails and malicious APKs. The attackers have expanded their operations, utilizing screen-sharing and exploiting accessibility services to gain more control over victims’ devices. This campaign underscores the evolving tactics of cybercriminals in their efforts to steal sensitive information.

Rhadamanthys Stealer Targets Oil and Gas Sector

The oil and gas sector has become the latest target of the Rhadamanthys Stealer malware, delivered through weaponized PDF files. This attack emphasizes the ongoing threat to critical infrastructure sectors and the importance of robust cybersecurity measures to protect against such sophisticated threats.

Ransomware Exploits Unpatched Vulnerabilities

A recent report highlights the increasing trend of ransomware attacks exploiting unpatched…


Top 10 investigations and national security stories of 2023


This year saw Computer Weekly and Byline Times reveal an extraordinary secret campaign by right-wing Brexit supporters against the world’s leading science journal, Nature. The group, which had high-level connections in politics, business and intelligence, attempted to put Nature and its editor under surveillance and investigated by intelligence agencies for alleged “extreme Sinophile views”.

Surveillance has also been a preoccupation of the Home Office this year, as the government seeks to revise the Investigatory Powers Act 2016 to make it easier for police and intelligence agencies to access large databases on the population, and controversially to require tech companies to inform the government in advance if they make changes to their platforms that could impact surveillance capabilities.

Pressure from the government against tech companies that offer encrypted messaging and email services intensified with the passing of the Online Safety Act in October. The act gives regulator Ofcom powers to require tech companies to scan encrypted services for illegal content, a move that threatens to undermine the security of technology platforms. The act has become law, but it is yet to be seen how – or if – Ofcom will enforce it.

Electronic evidence has been another running theme this year, as Computer Weekly reported on a dispute by an NHS whistleblower and health trust over the authenticity of emails that relate to patient safety concerns. Another NHS employee, meanwhile, deleted thousands of emails before being due to give evidence at an employment tribunal. The courts have also yet to decide whether messages obtained from the police hacking of the EncroChat encrypted phone network are admissible. If they are not, people who have been convicted solely on the basis of EncroChat messages may have their cases overturned.

An investigation by Computer Weekly and Byline Times revealed that the science journal, Nature, had been the target of sustained secret attacks by extreme Brexit supporters with high-level political, commercial and intelligence connections. The group, which included former MI6 chief Sir Richard Dearlove, attempted to put members of staff at Nature


Can true crime stories about the internet keep individuals safe from cybercrime?


If you were to visit the office of Joe Carrigan, a senior security engineer at Johns Hopkins University’s Information Security Institute (ISI), you’d notice a television screen displaying a looping slideshow. Among the featured content in the loop is a 2022 article from The New York Times, which recognizes his podcast for delving into discussions about the “dark side of the internet.”

That podcast is Hacking Humans, cohosted by Dave Bittner, who is also a producer for the pod by way of CyberWire, a B2B cybersecurity audio network. Hacking Humans focuses on the human side of cybersecurity problems.

“The idea of the Hacking Humans podcast is that it’s not a very technical podcast,” Carrigan said. “We don’t talk about vulnerabilities, you know — we mention them tangentially, we mention them as necessary.”

According to Carrigan, a University of Maryland Global Campus computer science program alum, many people believe hackers are only interested in high-profile targets like nation-state actors or penetration testers. But anyone can become a target if they don’t protect themselves.

The Columbia, Maryland resident cited a country-by-country pay gap as a possible influence for those who might be employed by “scam centers” in countries like India and Nigeria — both known contributors to cyber crime, he said.

“If you look at the two countries, the average American makes around 73 times what the people in Nigeria and India make per year,” Carrigan told Technical.ly. “… If these guys [scammers] can scam somebody out of 25 bucks every day, seven days or six or seven days a week, in a year, they make three to four times what the average income is in their country, and they’re doing well.”

The podcast aims to bridge the gap between more technical cybersecurity discussions and the general public.

On a recent episode of the podcast (Season 6, Episode 262), for instance, Bittner — who is also an alumnus of the University of Maryland system — sounds surprised as Carrigan presents findings from a survey about people’s understanding of cybersecurity, including the jargon commonly used in the field. The survey was conducted by ISI and commissioned by…
